#!/bin/sh
#
# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
#
# This is free software, licensed under the GNU General Public License v3 or later.
# See /LICENSE for more information.
#

KERNEL=${KERNEL:-5.4}
UPSTREAM=${UPSTREAM:-no}
[ "$UPSTREAM" = "yes" ] && KERNEL="5.15"
UPSTREAM6=${UPSTREAM6:-no}
[ "$UPSTREAM6" = "yes" ] && KERNEL="6.1"
SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
#NBCPU=${NBCPU:-$(nproc --all | tr -d "\n")}
NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")}
OBFS=${OBFS:-yes}
V2RAY_PLUGIN=${V2RAY_PLUGIN:-no}
V2RAY=${V2RAY:-yes}
V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")}
XRAY=${XRAY:-yes}
XRAY_UUID=${XRAY_UUID:-$V2RAY_UUID}
SHADOWSOCKS=${SHADOWSOCKS:-yes}
SHADOWSOCKS_GO=${SHADOWSOCKS_GO:-yes}
PSK=${PSK:-$(head -c 32 /dev/urandom | base64 -w0)}
UPSK=${UPSK:-$(head -c 32 /dev/urandom | base64 -w0)}
UPDATE_OS=${UPDATE_OS:-yes}
UPDATE=${UPDATE:-yes}
TLS=${TLS:-yes}
OMR_ADMIN=${OMR_ADMIN:-yes}
OMR_ADMIN_PASS=${OMR_ADMIN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
OMR_ADMIN_PASS_ADMIN=${OMR_ADMIN_PASS_ADMIN:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
MLVPN=${MLVPN:-yes}
MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
UBOND=${UBOND:-no}
UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
OPENVPN=${OPENVPN:-yes}
DSVPN=${DSVPN:-yes}
WIREGUARD=${WIREGUARD:-yes}
SOURCES=${SOURCES:-no}
if [ "$KERNEL" != "5.4" ]; then
	SOURCES="yes"
fi
NOINTERNET=${NOINTERNET:-no}
REINSTALL=${REINSTALL:-yes}
SPEEDTEST=${SPEEDTEST:-yes}
IPERF=${IPERF:-yes}
LOCALFILES=${LOCALFILES:-no}
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
KERNEL_VERSION="5.4.207"
KERNEL_PACKAGE_VERSION="1.22"
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
if [ "$KERNEL" = "5.15" ]; then
	KERNEL_VERSION="5.15.57"
	KERNEL_PACKAGE_VERSION="1.6"
	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}"
fi
if [ "$KERNEL" = "6.1" ]; then
	KERNEL_VERSION="6.1.0"
	KERNEL_PACKAGE_VERSION="1.30"
	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
fi
GLORYTUN_UDP=${GLORYTUN_UDP:-yes}
GLORYTUN_UDP_VERSION="23100474922259d00a8c0c4b00a0c8de89202cf9"
GLORYTUN_UDP_BINARY_VERSION="0.3.4-5"
GLORYTUN_TCP=${GLORYTUN_TCP:-yes}
GLORYTUN_TCP_BINARY_VERSION="0.0.35-6"
#MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b"
MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
OBFS_BINARY_VERSION="0.0.5-1"
OMR_ADMIN_VERSION="f974719ddc902246ac0cd559372495ec23b262df"
OMR_ADMIN_BINARY_VERSION="0.9+20240324"
#OMR_ADMIN_BINARY_VERSION="0.3+20220827"
DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
DSVPN_BINARY_VERSION="0.1.4-2"
V2RAY_VERSION="5.7.0"
V2RAY_PLUGIN_VERSION="4.43.0"
XRAY_VERSION="1.8.6"
EASYRSA_VERSION="3.0.6"
#SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
#if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
	SHADOWSOCKS_VERSION="8fc18fcba3226e31f9f2bb9e60d6be6a1837862b"
#fi
IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
SHADOWSOCKS_GO_VERSION="1.8.0"
DEFAULT_USER="openmptcprouter"
VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
VPSPATH="server"
VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)}
VPSURL="https://www.openmptcprouter.com/"
REPO="repo.openmptcprouter.com"
CHINA=${CHINA:-no}

OMR_VERSION="0.1030"

DIR=$( pwd )
#"
set -e
umask 0022
export LC_ALL=C
export PATH=$PATH:/sbin
export DEBIAN_FRONTEND=noninteractive 

echo "Check user..."
if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi

# Check Kernel
if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "5.15" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ]; then
	echo "Only kernels 5.4, 5.15, 6.1 and 6.6 are currently supported"
	exit 1
fi

# Check Linux version
echo "Check Linux version..."
if test -f /etc/os-release ; then
	. /etc/os-release
else
	. /usr/lib/os-release
fi
if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ] && [ "$VERSION_ID" != "12" ]; then
	echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x), Debian Bullseye (11.x) or Debian Bookworm (12.x)"
	exit 1
elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ] && [ "$VERSION_ID" != "22.04" ]; then
	echo "This script only work with Ubuntu 18.04, 19.04, 20.04 or 22.04"
	echo "Use debian when possible"
	exit 1
elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x), Debian Bullseye (11.x) or Debian Bookworm (12.x)"
	echo "Use Debian when possible"
	exit 1
fi

echo "Check architecture..."
ARCH=$(dpkg --print-architecture | tr -d "\n")
if ([ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]) && [ "$ARCH" != "amd64" ] && [ "$ID" != "debian" ]; then
	echo "Only x86_64 (amd64) is supported on this OS"
	exit 1
fi

if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then
	echo "Check virtualized environment"
	VIRT="$(systemd-detect-virt 2>/dev/null || true)"
	if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then
		echo "Container are not supported: kernel can't be modified."
		exit 1
	fi
fi

# Check if DPKG is locked and for broken packages
#dpkg -i /dev/zero 2>/dev/null
#if [ "$?" -eq 2 ]; then
#	echo "E: dpkg database is locked. Check that an update is not running in background..."
#	exit 1
#fi
echo "Check about broken packages..."
apt-get check >/dev/null 2>&1
if [ "$?" -ne 0 ]; then
	echo "E: \`apt-get check\` failed, you may have broken packages. Aborting..."
	exit 1
fi

# Fix old string...
if [ -f /etc/motd ] && grep --quiet 'OpenMPCTProuter VPS' /etc/motd ; then
	sed -i 's/OpenMPCTProuter/OpenMPTCProuter/g' /etc/motd
fi
if [ -f /etc/motd.head ] && grep --quiet 'OpenMPCTProuter VPS' /etc/motd.head ; then
	sed -i 's/OpenMPCTProuter/OpenMPTCProuter/g' /etc/motd.head
fi

# Check if OpenMPTCProuter VPS is already installed
echo "Check if OpenMPTCProuter VPS is already installed..."
update="0"
if [ "$UPDATE" = "yes" ]; then
	if [ -f /etc/motd ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd ; then
		update="1"
	elif [ -f /etc/motd.head ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd.head ; then
		update="1"
	elif [ -f /root/openmptcprouter_config.txt ]; then
		update="1"
	fi
	echo "Update mode"
fi
# Force update key
#[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
#	echo "Update OpenMPTCProuter repo key"
#	#wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
#	wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg
#}

CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')"
if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then
	exit 1
fi

# Force update key
[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
	echo "Update ${REPO} key"
	apt-key del '2FDF 70C8 228B 7F04 42FE  59F6 608F D17B 2B24 D936' 2>&1 >/dev/null
	if [ "$CHINA" = "yes" ]; then
		#wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
		wget https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg
	else
		#wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
		wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg
	fi
}

echo "Remove lock and update packages list..."
rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend
rm -f /var/cache/apt/archives/lock
rm -f /etc/apt/sources.list.d/buster-backports.list
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
	apt-get update
else
	apt-get update --allow-releaseinfo-change
fi
rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend
rm -f /var/cache/apt/archives/lock
echo "Install apt-transport-https, gnupg and openssh-server..."
apt-get -y install apt-transport-https gnupg openssh-server

#if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then
	echo "Update Debian 9 Stretch to Debian 10 Buster"
	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
	sed -i 's:stretch:buster:g' /etc/apt/sources.list
	apt-get update --allow-releaseinfo-change
	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
	VERSION_ID="10"
fi
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
	echo "Update Debian 10 Buster to Debian 11 Bullseye"
	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
	sed -i 's:buster:bullseye:g' /etc/apt/sources.list
	sed -i 's:bullseye/updates:bullseye-security:g' /etc/apt/sources.list
	apt-get update --allow-releaseinfo-change
	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
	VERSION_ID="11"
fi
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
	echo "Update Debian 11 Bullseye to Debian 12 Bookworm"
	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
	sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list
	apt-get update --allow-releaseinfo-change
	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
	VERSION_ID="12"
fi
if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then
	echo "Update Ubuntu 18.04 to Ubuntu 20.04"
	apt-get -y -f --force-yes --allow-downgrades upgrade
	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
	sed -i 's:bionic:focal:g' /etc/apt/sources.list
	apt-get update --allow-releaseinfo-change
	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
	VERSION_ID="20.04"
fi
if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
	echo "Update Ubuntu 20.04 to Ubuntu 22.04"
	apt-get -y -f --force-yes --allow-downgrades upgrade
	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
	sed -i 's:focal:jammy:g' /etc/apt/sources.list
	apt-get update --allow-releaseinfo-change
	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
	VERSION_ID="22.04"
fi

# Add OpenMPTCProuter repo
echo "Add OpenMPTCProuter repo..."
if [ "$CHINA" = "yes" ]; then
	echo "Install git..."
	apt-get -y install git
	if [ ! -d /var/lib/openmptcprouter-vps-debian ]; then
		#git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
		git clone https://gitlab.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
	fi
	cd /var/lib/openmptcprouter-vps-debian
	git pull
#	if [ "$VPSPATH" = "server-test" ]; then
#		git checkout develop
#	else
#		git checkout main
#	fi
	echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list
	cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add -
	if [ ! -d /usr/share/omr-server-git ]; then
		#git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
		git clone https://gitlab.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
	fi
	cd /usr/share/omr-server-git
	git pull
	if [ "$VPSPATH" = "server-test" ]; then
		git checkout develop
	else
		git checkout master
	fi
	LOCALFILES="yes"
	TLS="no"
	DIR="/usr/share/omr-server-git"
else
	echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list
	cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
		Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
		Package: *
		Pin: origin ${REPO}
		Pin-Priority: 1001
	EOF
	if [ -n "$(echo $OMR_VERSION | grep test)" ]; then
		echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list
#		cat <<-EOF | tee -a /etc/apt/preferences.d/openmptcprouter.pref
#			Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
#			Package: *
#			Pin: origin ${REPO}
#			Pin-Priority: 1002
#		EOF
	else
		rm -f /etc/apt/sources.list.d/openmptcprouter-test.list
	fi
	if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then
		cat <<-EOF | tee -a /etc/apt/preferences.d/openmptcprouter.pref
			Explanation: Prefer libuv1 Debian native package
			Package: libuv1
			Pin: version *
			Pin-Priority: 1003
		EOF
	fi
	#wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
	wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg
fi

#apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
if [ "$ID" = "debian" ]; then
	if [ "$VERSION_ID" = "9" ]; then
		#echo 'deb http://dl.bintray.com/cpaasch/deb jessie main' >> /etc/apt/sources.list
		echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list
	fi
	# Add buster-backports repo
	echo 'deb http://archive.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list
	if [ "$VERSION_ID" = "12" ]; then
		echo 'deb http://deb.debian.org/debian bullseye main' > /etc/apt/sources.list.d/bullseye.list
	fi
elif [ "$ID" = "ubuntu" ]; then
	echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
	echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
	[ "$VERSION_ID" = "22.04" ] && {
		apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
		echo 'deb http://old-releases.ubuntu.com/ubuntu impish main universe' > /etc/apt/sources.list.d/impish-universe.list
	}
fi
# Install mptcp kernel and shadowsocks
echo "Install mptcp kernel and shadowsocks..."
apt-get update --allow-releaseinfo-change
sleep 2
apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config ipset

if [ -z "$(dpkg-query -l | grep grub)" ]; then
	if [ -d /boot/grub2 ]; then
		apt-get -y install grub2
	elif [ -d /boot/grub ]; then
		apt-get -y install grub-legacy
	fi
	[ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! -f /etc/default/grub ] && {
		echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub
	}
fi


if [ -z "$(dpkg-query -l | grep grub)" ]; then
	if [ -d /boot/grub2 ]; then
		apt-get -y install grub2
	elif [ -d /boot/grub ]; then
		apt-get -y install grub-legacy
	fi
	[ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! -f /etc/default/grub ] && {
		echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub
	}
fi
if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then
	if [ "$SOURCES" = "yes" ]; then
		wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
		wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
		# Rename bzImage to vmlinuz, needed when custom kernel was used
		cd /boot
		apt-get -y install git
		rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
		#apt-get -y install linux-mptcp
		#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
		#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
		if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
			echo "Install kernel linux-image-${KERNEL_RELEASE} source release"
			echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
			dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
			dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
		fi
	else
		cd /boot
		rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
		if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
			echo "Install kernel linux-image-${KERNEL_RELEASE}"
			echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
			apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
		fi
	fi


	# Check if mptcp kernel is grub default kernel
	echo "Set MPTCP kernel as grub default..."
	if [ "$LOCALFILES" = "no" ]; then
		wget -O /tmp/update-grub.sh ${VPSURL}${VPSPATH}/update-grub.sh
		cd /tmp
	else
		cd ${DIR}
	fi
	[ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg
	rm -f /etc/grub.d/30_os-prober
	bash update-grub.sh ${KERNEL_VERSION}-mptcp
	bash update-grub.sh ${KERNEL_RELEASE}
	[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then
	wget https://dl.xanmod.org/archive.key -O /etc/apt/trusted.gpg.d/xanmod.gpg
	echo 'deb http://deb.xanmod.org releases main' > /etc/apt/sources.list.d/xanmod-release.list
	apt-get update
	apt-get -y install linux-xanmod-x64v3
	[ -f /etc/default/grub ] && {
		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
	}
elif [ "$KERNEL" = "6.6" ] && [ "$ID" = "debian" ]; then
	echo 'deb http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/bookworm-backports.list
	apt-get update
	apt-get -y install $(apt-cache search linux-image-amd64-6.6 | tail -n 1 | cut -d" " -f1)
	[ -f /etc/default/grub ] && {
		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
	}
else 
	if [ "$ID" = "ubuntu" ]; then
		if [ "$KERNEL" = "6.1" ] && [ -z "$(uname -a | grep '6.1')" ]; then
			add-apt-repository ppa:cappelikan/ppa -y >/dev/null 2>&1
			apt-get update >/dev/null 2>&1
			apt-get -y install mainline >/dev/null 2>&1
			mainline install 6.1.72 >/dev/null 2>&1
			mainline set-default 6.1.72 >/dev/null 2>&1
		elif [ "$KERNEL" = "6.6" ] && [ -z "$(uname -a | grep '6.6')" ]; then
			add-apt-repository ppa:cappelikan/ppa -y >/dev/null 2>&1
			apt-get update >/dev/null 2>&1
			apt-get -y install mainline >/dev/null 2>&1
			mainline install 6.6.11 >/dev/null 2>&1
			mainline set-default 6.6.11 >/dev/null 2>&1
		fi
		#apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f1)
	fi
	[ -f /etc/default/grub ] && {
		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
	}
fi

if [ "$ARCH" = "amd64" ]; then
	echo "Install tracebox OpenMPTCProuter edition"
	apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
fi
if [ "$IPERF" = "yes" ]; then
	#echo "Install iperf3 OpenMPTCProuter edition"
	#apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
	#chmod 644 /lib/systemd/system/iperf3.service
	echo "Install iperf3"
	[ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 2>&1 >/dev/null
	apt-get -y install iperf3
	if [ ! -f "/etc/iperf3/private.pem" ]; then
		mkdir -p /etc/iperf3
		openssl genrsa -out /etc/iperf3/private.pem 2048
		openssl rsa -in /etc/iperf3/private.pem -outform PEM -pubout -out /etc/iperf3/public.pem
		IPERFPASS=$(echo -n "{openmptcprouter}openmptcprouter" | sha256sum | awk '{ print $1 }')
		echo "openmptcprouter,$IPERFPASS" > /etc/iperf3/users.csv
	fi
	chown -Rf iperf3 /etc/iperf3 || true
	systemctl enable iperf3.service || true
	mkdir -p /etc/systemd/system/iperf3.service.d
	if [ "$LOCALFILES" = "no" ]; then
		wget -O /etc/systemd/system/iperf3.service.d/override.conf ${VPSURL}${VPSPATH}/iperf3.override.conf
	else
		cp ${DIR}/iperf3.override.conf /etc/systemd/system/iperf3.service.d/override.conf
	fi
fi

if [ "$KERNEL" != "5.4" ]; then
	echo "Compile and install mptcpize..."
	apt-get -y install --no-install-recommends build-essential
	cd /tmp
	apt-get -y install git
	git clone https://github.com/Ysurac/mptcpize.git
	cd mptcpize
	make
	make install
	cd /tmp
	rm -rf /tmp/mptcpize
	if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then
		apt-get -y install iproute2
	else
		echo "Compile and install iproute2..."
		apt-get -y install --no-install-recommends bison libbison-dev flex
		#wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz
		#tar xzf iproute2-5.16.0.tar.gz
		#cd iproute2-5.16.0
		git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git 
		cd iproute2
		git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000
		make
		make install
		cd /tmp
	fi
	rm -rf iproute2

	echo "MPTCPize iperf3..."
	mptcpize enable iperf3 2>&1 >/dev/null

	#if [ "$UPSTREAM6" = "yes" ]; then
	#	apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg
	#	apt-get -y install systemtap
	#	mkdir -p /usr/share/systemtap-mptcp
	#	wget -O /usr/share/systemtap-mptcp/mptcp-app.stap ${VPSURL}${VPSPATH}/mptcp-app.stap
	#fi
fi

apt-get -y remove shadowsocks-libev
if [ "$SHADOWSOCKS" = "yes" ]; then
	if [ "$SOURCES" = "yes" ]; then
		#apt -t stretch-backports -y install shadowsocks-libev
		## Compile Shadowsocks
		#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
		#wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
		cd /tmp
		rm -rf shadowsocks-libev
		git clone https://github.com/Ysurac/shadowsocks-libev.git
		cd shadowsocks-libev
		git checkout ${SHADOWSOCKS_VERSION}
		git submodule update --init --recursive
		#tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
		#cd shadowsocks-libev-${SHADOWSOCKS_VERSION}
		#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch
		#patch -p1 < 020-NOCRYPTO.patch
		#wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch
		#patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch
		#wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
		#patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
		#wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch
		#patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch
		# Shadowsocks eBPF support
		#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch
		#patch -p1 < 030-eBPF.patch
		#rm -f /var/lib/dpkg/lock
		#apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev
		#cd /tmp
		#rm -rf libbpf
		#git clone https://github.com/libbpf/libbpf.git
		#cd libbpf
		#if [ "$ID" = "debian" ]; then
		#	rm -f /var/lib/dpkg/lock
		#	apt -y -t stretch-backports install linux-libc-dev
		#elif [ "$ID" = "ubuntu" ]; then
		#	rm -f /var/lib/dpkg/lock
		#	apt-get -y install linux-libc-dev
		#fi
		#BUILD_SHARED=y make -C src CFLAGS="$CFLAGS -DCOMPAT_NEED_REALLOCARRAY"
		#cp /tmp/libbpf/src/libbpf.so /usr/lib
		#cp /tmp/libbpf/src/*.h /usr/include/bpf
		#cd /tmp
		#rm -rf /tmp/libbpf
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev
		apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc
		sleep 1
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		systemctl enable haveged
		if [ "$ID" = "debian" ]; then
			rm -f /var/lib/dpkg/lock
			rm -f /var/lib/dpkg/lock-frontend
			if [ "$VERSION_ID" = "9" ]; then
				apt -y -t stretch-backports install libsodium-dev
			else
				apt -y install libsodium-dev
			fi
		elif [ "$ID" = "ubuntu" ]; then
			rm -f /var/lib/dpkg/lock
			rm -f /var/lib/dpkg/lock-frontend
			apt-get -y install libsodium-dev
		fi
		#cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" 2>&1 >/dev/null
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		dpkg-buildpackage -b -us -uc 2>&1 >/dev/null
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		cd /tmp
		#dpkg -i shadowsocks-libev_*.deb
		dpkg -i omr-shadowsocks-libev_*.deb 2>&1 >/dev/null
		#mkdir -p /usr/lib/shadowsocks-libev
		#cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev
		#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
		rm -rf /tmp/shadowsocks-libev
	else
		apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION}
	fi
fi

# Load BBR Congestion module at boot time
if ! grep -q bbr /etc/modules ; then
	echo tcp_bbr >> /etc/modules
fi

if [ "$KERNEL" = "5.4" ]; then
	# Load OLIA Congestion module at boot time
	if ! grep -q olia /etc/modules ; then
		echo mptcp_olia >> /etc/modules
	fi
	# Load WVEGAS Congestion module at boot time
	if ! grep -q wvegas /etc/modules ; then
		echo mptcp_wvegas >> /etc/modules
	fi
	# Load BALIA Congestion module at boot time
	if ! grep -q balia /etc/modules ; then
		echo mptcp_balia >> /etc/modules
	fi
	# Load BBRv2 Congestion module at boot time
	if ! grep -q bbr2 /etc/modules ; then
		echo tcp_bbr2 >> /etc/modules
	fi
	# Load mctcpdesync Congestion module at boot time
	if ! grep -q mctcp_desync /etc/modules ; then
		echo mctcp_desync >> /etc/modules
	fi
	# Load ndiffports module at boot time
	if ! grep -q mptcp_ndiffports /etc/modules ; then
		echo mptcp_ndiffports >> /etc/modules
	fi
	# Load redundant module at boot time
	if ! grep -q mptcp_redundant /etc/modules ; then
		echo mptcp_redundant >> /etc/modules
	fi
	# Load rr module at boot time
	if ! grep -q mptcp_rr /etc/modules ; then
		echo mptcp_rr >> /etc/modules
	fi
	# Load mctcp ECF scheduler at boot time
	if ! grep -q mptcp_ecf /etc/modules ; then
		echo mptcp_ecf >> /etc/modules
	fi
	# Load mctcp BLEST scheduler at boot time
	if ! grep -q mptcp_blest /etc/modules ; then
		echo mptcp_blest >> /etc/modules
	fi
fi
if systemctl -q is-active omr-admin.service; then
	systemctl -q stop omr-admin > /dev/null 2>&1
fi

if [ "$OMR_ADMIN" = "yes" ]; then
	echo 'Install OpenMPTCProuter VPS Admin'
	if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
		#echo 'deb http://ftp.de.debian.org/debian buster main' > /etc/apt/sources.list.d/buster.list
		#echo 'APT::Default-Release "stretch";' | tee -a /etc/apt/apt.conf.d/00local
		#apt-get update
		#apt-get -y -t buster install python3.7-dev
		#apt-get -y -t buster install python3-pip python3-setuptools python3-wheel
		if [ "$(whereis python3 | grep python3.7)" = "" ]; then
			apt-get -y install libffi-dev build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev wget
			wget -O /tmp/Python-3.7.2.tgz https://www.python.org/ftp/python/3.7.2/Python-3.7.2.tgz
			cd /tmp
			tar xzf Python-3.7.2.tgz
			cd Python-3.7.2
			./configure --enable-optimizations
			make
			make altinstall
			cd /tmp
			rm -rf /tmp/Python-3.7.2
			update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.7 1
			update-alternatives --install /usr/bin/pip3 pip3 /usr/local/bin/pip3.7 1
			sed -i 's:/usr/bin/python3 :/usr/bin/python3\.7 :g' /usr/bin/lsb_release
		fi
		pip3 -q install setuptools wheel
		pip3 -q install pyopenssl
	else
		apt-get -y install python3-openssl python3-pip python3-setuptools python3-wheel python3-dev
	fi
	#apt-get -y install unzip gunicorn python3-flask-restful python3-openssl python3-pip python3-setuptools python3-wheel
	#apt-get -y install unzip python3-openssl python3-pip python3-setuptools python3-wheel
	if [ "$ID" = "ubuntu" ]; then
		apt-get -y install python3-passlib python3-netaddr
		apt-get -y remove python3-jwt
		pip3 -q install pyjwt
	else
		if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then
			if [ "$VERSION_ID" = "12" ]; then
				apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1
				pip3 -q install uvloop --break-system-packages
			else
				apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1
				pip3 -q install uvloop
			fi
		else
			apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
		fi
	fi
	apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen
	echo '-- pip3 install needed python modules'
	echo "If you see any error here, I really don't care: it's about a module not used for home users"
	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
	if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then
		pip3 -q install netjsonconfig --break-system-packages
		pip3 -q install fastapi -U --break-system-packages
		pip3 -q install jsonschema -U --break-system-packages
		pip3 -q install python-multipart jinja2 -U --break-system-packages
		pip3 -q install starlette --break-system-packages
		pip3 -q install starlette --break-system-packages
	else
		pip3 -q install netjsonconfig
		if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then
			pip3 -q install fastapi==0.99.1 -U
		else
			pip3 -q install fastapi -U
		fi
		pip3 -q install fastapi -U
		pip3 -q install jsonschema -U
		pip3 -q install python-multipart jinja2 -U
		pip3 -q install starlette
		pip3 -q install starlette
	fi
	mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
	mkdir -p /etc/openmptcprouter-vps-admin/intf
	#[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn
	[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "openvpn" > /etc/openmptcprouter-vps-admin/current-vpn
	mkdir -p /var/opt/openmptcprouter
	if [ "$SOURCES" = "yes" ]; then
		wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
		wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in
		wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
		cd /tmp
		unzip -q -o openmptcprouter-vps-admin.zip
		cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
		if [ -f /usr/local/bin/omr-admin.py ] || [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
			OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d  "\n")
			[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
			[ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
			OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
			[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
		else
			cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
			cd /etc/openmptcprouter-vps-admin
		fi
		if [ "$(grep user_password /etc/openmptcprouter-vps-admin/omr-admin-config.json)" = "" ]; then
			cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/
			cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
			cd /etc/openmptcprouter-vps-admin
		fi
		rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}
		chmod u+x /usr/local/bin/omr-admin.py
	else
		if [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
			OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d  "\n")
			[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
			[ -n "$OMR_ADMIN_PASS2" ] && [ "$OMR_ADMIN_PASS2" != "MySecretKey" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
			OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
			[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
		fi
		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y --allow-downgrades install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
		if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
			cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/
		fi
		#OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
		#OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
	fi
	if [ ! -f /etc/openmptcprouter-vps-admin/key.pem ]; then
		cd /etc/openmptcprouter-vps-admin
		openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps"
	fi
	sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
	sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
	sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
	[ "$NOINTERNET" = "yes" ] && {
		sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
	}
	chmod 644 /lib/systemd/system/omr-admin.service
	chmod 644 /lib/systemd/system/omr-admin-ipv6.service
	#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
	[ "$(ip -6 a)" != "" ] && {
		systemctl enable omr-admin-ipv6.service
	}
	systemctl enable omr-admin.service
	if [ "$KERNEL" != "5.4" ]; then
		mptcpize enable omr-admin.service 2>&1 >/dev/null
		[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service 2>&1 >/dev/null
	fi
fi

# Get shadowsocks optimization
if [ "$LOCALFILES" = "no" ]; then
	if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then
		wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.6.1.conf
	else
		wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf
	fi
else
	if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then
		cp ${DIR}/shadowsocks.6.1.conf /etc/sysctl.d/90-shadowsocks.conf
	else
		cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf
	fi
fi

if [ "$SHADOWSOCKS" = "yes" ]; then
	if [ "$update" != 0 ]; then
		if [ ! -f /etc/shadowsocks-libev/manager.json ]; then
			SHADOWSOCKS_PASS=$(grep -Po '"'"key"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-libev/config.json | tr -d  "\n" | sed 's/-/+/g; s/_/\//g;')
		elif [ -f /etc/shadowsocks-libev/manager.json ]; then
			SHADOWSOCKS_PASS=$(grep -Po '"'"65101"'":\s*"\K([^"]*)' /etc/shadowsocks-libev/manager.json | tr -d  "\n" | sed 's/-/+/g; s/_/\//g;')
		fi
	fi
	# Install shadowsocks config and add a shadowsocks by CPU
	if [ "$update" = "0" ] || [ ! -f /etc/shadowsocks-libev/manager.json ]; then
		if [ "$LOCALFILES" = "no" ]; then
			wget -O /etc/shadowsocks-libev/manager.json ${VPSURL}${VPSPATH}/manager.json
		else
			cp ${DIR}/manager.json /etc/shadowsocks-libev/manager.json
		fi
		SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;')
		if [ "$NBCPU" -gt "1" ]; then
			for i in $(seq 2 NBCPU); do
				sed -i '0,/65101/ s/        "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
			done
		fi
		#sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json
		sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json
		[ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json
	elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then
		for i in $(seq 2 $NBCPU); do
			sed -i '0,/65101/ s/        "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
		done
		sed -i 's/       "65101.*"$/&,/' /etc/shadowsocks-libev/manager.json
	fi
	[ ! -f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl
	#sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json
	#sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service
	if [ "$LOCALFILES" = "no" ]; then
		wget -O /lib/systemd/system/shadowsocks-libev-manager@.service ${VPSURL}${VPSPATH}/shadowsocks-libev-manager@.service.in
	else
		cp ${DIR}/shadowsocks-libev-manager@.service.in /lib/systemd/system/shadowsocks-libev-manager@.service
	fi
	if systemctl -q is-enabled shadowsocks-libev; then
		systemctl -q disable shadowsocks-libev
	fi
	[ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service
	systemctl enable shadowsocks-libev-manager@manager.service
	if [ $NBCPU -gt 1 ]; then
		for i in $(seq 1 $NBCPU); do
			[ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service
		done
	fi
	if systemctl -q is-active shadowsocks-libev-manager@manager; then
		systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1
	fi
fi
if ! grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then
	echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf
fi

if [ "$LOCALFILES" = "no" ]; then
	wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in
	wget -O /usr/bin/omr-update ${VPSURL}${VPSPATH}/omr-update
	chmod 755 /usr/bin/omr-update
else
	cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service
	cp ${DIR}/omr-update /usr/bin/omr-update
	chmod 755 /usr/bin/omr-update
fi
chmod 644 /lib/systemd/system/omr-update.service

# Install simple-obfs
if [ "$OBFS" = "yes" ]; then
	echo "Install OBFS"
	if [ "$SOURCES" = "yes" ]; then
		rm -rf /tmp/simple-obfs
		cd /tmp
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
			#apt-get install -y --no-install-recommends -t buster libssl-dev
			apt-get install -y --no-install-recommends libssl-dev
			apt-get install -y --no-install-recommends build-essential autoconf libtool libpcre3-dev libev-dev asciidoc xmlto automake git ca-certificates
		else
			apt-get install -y --no-install-recommends build-essential autoconf libtool libssl-dev libpcre3-dev libev-dev asciidoc xmlto automake git ca-certificates
		fi
		git clone https://github.com/shadowsocks/simple-obfs.git /tmp/simple-obfs
		cd /tmp/simple-obfs
		git checkout ${OBFS_VERSION}
		git submodule update --init --recursive
		./autogen.sh
		./configure && make
		make install
		cd /tmp
		rm -rf /tmp/simple-obfs
	else
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs=${OBFS_BINARY_VERSION}
	fi
	#sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json
fi

# Install v2ray-plugin
if [ "$V2RAY_PLUGIN" = "yes" ]; then
	echo "Install v2ray plugin"
	if [ "$SOURCES" = "yes" ]; then
		rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
		wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
		cd /tmp
		tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
		cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
		cd /tmp
		rm -rf /tmp/v2ray-plugin_linux_amd64
		rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
	
		#rm -rf /tmp/v2ray-plugin
		#cd /tmp
		#rm -f /var/lib/dpkg/lock
		#apt-get install -y --no-install-recommends git ca-certificates golang-go
		#git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin
		#cd /tmp/v2ray-plugin
		#git checkout ${V2RAY_PLUGIN_VERSION}
		#git submodule update --init --recursive
		#CGO_ENABLED=0 go build -o v2ray-plugin
		#cp v2ray-plugin /usr/local/bin/v2ray-plugin
		#cd /tmp
		#rm -rf /tmp/simple-obfs
	else
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		apt-get -y install v2ray-plugin=${V2RAY_PLUGIN_VERSION}
	fi
fi

if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ] && [ -f /etc/shadowsocks-libev/config.json ]; then
	sed -i -e '/plugin/d' -e 's/,,//' /etc/shadowsocks-libev/config.json
fi

if systemctl -q is-active shadowsocks-go.service; then
	systemctl -q stop shadowsocks-go > /dev/null 2>&1
	systemctl -q disable shadowsocks-go > /dev/null 2>&1
fi

if [ "$SHADOWSOCKS_GO" = "yes" ]; then
	if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
		if [ "$ARCH" = "amd64" ]; then
			wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb ${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb
			rm -f /var/lib/dpkg/lock
			rm -f /var/lib/dpkg/lock-frontend
			dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb
			rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb
		elif [ "$ARCH" = "arm64" ]; then
			wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb ${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb
			rm -f /var/lib/dpkg/lock
			rm -f /var/lib/dpkg/lock-frontend
			dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb
			rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb
		fi
	else
		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install shadowsocks-go=${SHADOWSOCKS_GO_VERSION}
	fi
	if [ -f /etc/shadowsocks-go/server.json ]; then
		PSK2=$(grep -Po '"'"psk"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/server.json | head -n 1 | tr -d "\n")
		[ -n "$PSK2" ] && [ "$PSK2" != "PSK" ] && [ "$PSK2" != "null" ] && PSK="$PSK2"
		UPSK2=$(grep -Po '"'"openmptcprouter"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/upsks.json | head -n 1 | tr -d "\n")
		[ -n "$UPSK2" ] && [ "$UPSK2" != "UPSK" ] && [ "$UPSK2" != "null" ] && UPSK="$UPSK2"
	fi
	wget -O /etc/shadowsocks-go/server.json ${VPSURL}${VPSPATH}/shadowsocks-go.server.json
	sed -i "s:\"PSK\":\"$PSK\":g" /etc/shadowsocks-go/server.json
	sed -i "s:UPSK:$UPSK:g" /etc/shadowsocks-go/upsks.json
	jq -M 'del(.users[0].openmptcprouter."shadowsocks-go")' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new
	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak
	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json

	chmod 644 /lib/systemd/system/shadowsocks-go.service
	systemctl daemon-reload
	systemctl enable shadowsocks-go.service
fi


if systemctl -q is-active v2ray.service; then
	systemctl -q stop v2ray > /dev/null 2>&1
	systemctl -q disable v2ray > /dev/null 2>&1
fi

if [ "$V2RAY" = "yes" ]; then
	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
	if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
		if [ "$ARCH" = "amd64" ]; then
			wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
			rm -f /var/lib/dpkg/lock
			rm -f /var/lib/dpkg/lock-frontend
			dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
			rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
		elif [ "$ARCH" = "arm64" ]; then
			wget -O /tmp/v2ray-${V2RAY_VERSION}-arm64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-arm64.deb
			rm -f /var/lib/dpkg/lock
			rm -f /var/lib/dpkg/lock-frontend
			dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-arm64.deb
			rm -f /tmp/v2ray-${V2RAY_VERSION}-arm64.deb
		fi
#		else
#			[ "$ARCH" = "i386" ] && V2RAY_FILENAME="v2ray-linux-32.zip"
#			[ "$ARCH" = "amd64" ] && V2RAY_FILENAME="v2ray-linux-64.zip"
#			[ "$ARCH" = "armel" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip"
#			[ "$ARCH" = "armhf" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip"
#			[ "$ARCH" = "arm64" ] && V2RAY_FILENAME="v2ray-linux-arm64-v8a.zip"
#			[ "$ARCH" = "mips64el" ] && V2RAY_FILENAME="v2ray-linux-mips64le.zip"
#			[ "$ARCH" = "mipsel" ] && V2RAY_FILENAME="v2ray-linux-mips32le.zip"
#			[ "$ARCH" = "riscv64" ] && V2RAY_FILENAME="v2ray-linux-riscv64.zip"
#			wget -O /tmp/v2ray-${V2RAY_VERSION}.zip https://github.com/v2fly/v2ray-core/releases/download/v${V2RAY_VERSION}/${V2RAY_FILENAME}
#			cd /tmp
#			rm -rf v2ray
#			mkdir -p v2ray
#			cd v2ray
#			unzip /tmp/v2ray-${V2RAY_VERSION}.zip
#			cp v2ray /usr/bin/
#			cp geoip.dat /usr/bin/
#			cp geosite.dat /usr/bin/
#			wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service
#		fi
	else
		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION}
	fi
	if [ -f /etc/v2ray/v2ray-server.json ]; then
		V2RAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/v2ray/v2ray-server.json | head -n 1 | tr -d "\n")
		[ -n "$V2RAY_UUID2" ] && V2RAY_UUID="$V2RAY_UUID2"
	fi
	#if [ ! -f /etc/v2ray/v2ray-server.json ]; then
		wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
		sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
	#fi
	if [ "$KERNEL" != "5.4" ] && [ -z "$(grep mptcp /etc/v2ray/v2ray-server.json | grep true)" ]; then
		sed -i 's/"sockopt": {/&\n                    "mptcp": true,/' /etc/v2ray/v2ray-server.json
	fi
	rm -f /etc/v2ray/config.json
	ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
	#if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
	#	mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
	#fi
	if [ "$LOCALFILES" = "no" ]; then
		wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service
	else
		cp ${DIR}/v2ray.service /lib/systemd/system/v2ray.service
	fi
	chmod 644 /lib/systemd/system/v2ray.service
	systemctl daemon-reload
	systemctl enable v2ray.service
	#if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
	#	mptcpize enable v2ray
	#fi
fi

if systemctl -q is-active xray.service; then
	systemctl -q stop xray > /dev/null 2>&1
	systemctl -q disable xray > /dev/null 2>&1
fi

if [ "$XRAY" = "yes" ]; then
	#apt-get -y -o Dpkg::Options::="--force-overwrite" install xray
	if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
		if [ "$ARCH" = "amd64" ]; then
			wget -O /tmp/xray-${XRAY_VERSION}-amd64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-amd64.deb
			rm -f /var/lib/dpkg/lock
			rm -f /var/lib/dpkg/lock-frontend
			dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-amd64.deb
			rm -f /tmp/xray-${XRAY_VERSION}-amd64.deb
		elif [ "$ARCH" = "arm64" ]; then
			wget -O /tmp/xray-${XRAY_VERSION}-arm64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-arm64.deb
			rm -f /var/lib/dpkg/lock
			rm -f /var/lib/dpkg/lock-frontend
			dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-arm64.deb
			rm -f /tmp/xray-${XRAY_VERSION}-arm64.deb
		fi
	else
		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install xray=${XRAY_VERSION}
	fi
	if [ -f /etc/xray/xray-server.json ]; then
		XRAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-server.json | head -n 1 | tr -d "\n")
		[ -n "$XRAY_UUID2" ] && [ "$XRAY_UUID2" != "XRAY_UUID" ] && [ "$XRAY_UUID2" != "V2RAY_UUID" ] && XRAY_UUID="$XRAY_UUID2"
		PSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.password' /etc/xray/xray-server.json | tr -d "\n")
		[ "$PSK2" != "null" ] && [ -n "$PSK2" ] && [ "$PSK2" != "XRAY_PSK" ] && PSK="$PSK2"
		UPSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients[] | select(.email=="openmptcprouter") | .password' /etc/xray/xray-server.json | tr -d "\n")
		[ "$UPSK2" != "null" ] && [ -n "$UPSK2" ] && [ "$UPSK2" != "XRAY_UPSK" ] && UPSK="$UPSK2"
		XRAY_X25519_PRIVATE_KEY2=$(grep -Po '"'"privateKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n")
		[ -n "$XRAY_X25519_PRIVATE_KEY2" ] && [ "$XRAY_X25519_PRIVATE_KEY2" != "XRAY_X25519_PRIVATE_KEY" ] && XRAY_X25519_PRIVATE_KEY="$XRAY_X25519_PRIVATE_KEY2"
		XRAY_X25519_PUBLIC_KEY2=$(grep -Po '"'"publicKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n")
		[ -n "$XRAY_X25519_PUBLIC_KEY2" ] && [ "$XRAY_X25519_PUBLIC_KEY2" != "XRAY_X25519_PUBLIC_KEY" ] && XRAY_X25519_PUBLIC_KEY="$XRAY_X25519_PUBLIC_KEY2"
	fi
	jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new
	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak
	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json
	#if [ ! -f /etc/xray/xray-server.json ]; then
		wget -O /etc/xray/xray-server.json ${VPSURL}${VPSPATH}/xray-server.json
		sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
		sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
		sed -i "s:XRAY_PSK:$PSK:g" /etc/xray/xray-server.json
		sed -i "s:XRAY_UPSK:$UPSK:g" /etc/xray/xray-server.json
		wget -O /etc/xray/xray-vless-reality.json ${VPSURL}${VPSPATH}/xray-vless-reality.json
		if [ -z "$XRAY_X25519_PRIVATE_KEY" ]; then
			XRAY_X25519_KEYS=$(/usr/bin/xray x25519)
			XRAY_X25519_PRIVATE_KEY=$(echo "${XRAY_X25519_KEYS}" | grep Private | awk '{ print $3 }' | tr -d "\n")
			XRAY_X25519_PUBLIC_KEY=$(echo "${XRAY_X25519_KEYS}" | grep Public | awk '{ print $3 }' | tr -d "\n")
		fi
		sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-vless-reality.json
		sed -i "s:XRAY_X25519_PRIVATE_KEY:$XRAY_X25519_PRIVATE_KEY:g" /etc/xray/xray-vless-reality.json
		sed -i "s:XRAY_X25519_PUBLIC_KEY:$XRAY_X25519_PUBLIC_KEY:g" /etc/xray/xray-vless-reality.json
		
	#fi
	#if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then
	#	sed -i 's/"sockopt": {/&\n                    "mptcp": true,/' /etc/xray/xray-server.json
	#fi
	rm -f /etc/xray/config.json
	ln -s /etc/xray/xray-server.json /etc/xray/config.json
	#if [ -f /etc/systemd/system/xray.service.dpkg-dist ]; then
	#	mv -f /etc/systemd/system/xray.service.dpkg-dist /etc/systemd/system/xray.service
	#fi
	if [ "$LOCALFILES" = "no" ]; then
		wget -O /lib/systemd/system/xray.service ${VPSURL}${VPSPATH}/xray.service
	else
		cp ${DIR}/xray.service /lib/systemd/system/xray.service
	fi
	chmod 644 /lib/systemd/system/xray.service
	systemctl daemon-reload
	systemctl enable xray.service
fi

if systemctl -q is-active mlvpn@mlvpn0.service; then
	systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1
	systemctl -q disable mlvpn@mlvpn0 > /dev/null 2>&1
fi
echo "install mlvpn"
# Install MLVPN
if [ "$MLVPN" = "yes" ]; then
	echo 'Install MLVPN'
	mlvpnupdate="0"
	if [ -f /etc/mlvpn/mlvpn0.conf ]; then
		mlvpnupdate="1"
	fi
	mkdir -p /etc/mlvpn
	if [ "$SOURCES" = "yes" ]; then
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
		rm -rf /tmp/mlvpn
		cd /tmp
		#git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn
		#git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn
		git clone https://github.com/zehome/MLVPN.git /tmp/mlvpn
		#git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn
		cd /tmp/mlvpn
		git checkout ${MLVPN_VERSION}
		./autogen.sh
		./configure --sysconfdir=/etc
		make
		make install
		cd /tmp
		rm -rf /tmp/mlvpn
		if [ "$LOCALFILES" = "no" ]; then
			wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network
			wget -O /lib/systemd/system/mlvpn@.service ${VPSURL}${VPSPATH}/mlvpn@.service.in
		else
			cp ${DIR}/mlvpn.network /lib/systemd/network/mlvpn.network
			cp ${DIR}/mlvpn@.service.in /lib/systemd/system/mlvpn@.service
		fi
		if [ "$mlvpnupdate" = "0" ]; then
			if [ "$LOCALFILES" = "no" ]; then
				wget -O /etc/mlvpn/mlvpn0.conf ${VPSURL}${VPSPATH}/mlvpn0.conf
			else
				cp ${DIR}/mlvpn0.conf /etc/mlvpn/mlvpn0.conf
			fi
		fi
	else
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" install omr-mlvpn=${MLVPN_BINARY_VERSION}
	fi
	if [ "$mlvpnupdate" = "0" ]; then
		sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf
	fi
	chmod 0600 /etc/mlvpn/mlvpn0.conf
	adduser --quiet --system --home /var/opt/mlvpn --shell /usr/sbin/nologin mlvpn
	mkdir -p /var/opt/mlvpn
	usermod -d /var/opt/mlvpn mlvpn
	chown mlvpn /var/opt/mlvpn
	systemctl enable mlvpn@mlvpn0.service
	systemctl enable systemd-networkd.service
	echo "install mlvpn done"
fi
if systemctl -q is-active ubond@ubond0.service; then
	systemctl -q stop ubond@ubond0 > /dev/null 2>&1
	systemctl -q disable ubond@ubond0 > /dev/null 2>&1
fi
echo "install ubond"
# Install UBOND
if [ "$UBOND" = "yes" ]; then
	echo 'Install UBOND'
	ubondupdate="0"
	if [ -f /etc/ubond/ubond0.conf ]; then
		ubondupdate="1"
	fi
#	if [ "$SOURCES" = "yes" ]; then
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
		rm -rf /tmp/ubond
		cd /tmp
		git clone https://github.com/markfoodyburton/ubond.git /tmp/ubond
		cd /tmp/ubond
		git checkout ${UBOND_VERSION}
		./autogen.sh
		./configure --sysconfdir=/etc
		make
		make install
		cd /tmp
		rm -rf /tmp/ubond
#	else
#		apt-get -y -o Dpkg::Options::="--force-overwrite" install ubond
#	fi
	if [ "$LOCALFILES" = "no" ]; then
		wget -O /lib/systemd/network/ubond.network ${VPSURL}${VPSPATH}/ubond.network
		wget -O /lib/systemd/system/ubond@.service ${VPSURL}${VPSPATH}/ubond@.service.in
	else
		cp ${DIR}/ubond.network /lib/systemd/network/ubond.network
		cp ${DIR}/ubond@.service.in /lib/systemd/system/ubond@.service
	fi
	mkdir -p /etc/ubond
	if [ "$ubondupdate" = "0" ]; then
		if [ "$LOCALFILES" = "no" ]; then
			wget -O /etc/ubond/ubond0.conf ${VPSURL}${VPSPATH}/ubond0.conf
		else
			cp ${DIR}/ubond0.conf /etc/ubond/ubond0.conf
		fi
		sed -i "s:UBOND_PASS:$UBOND_PASS:" /etc/ubond/ubond0.conf
	fi
	chmod 0600 /etc/ubond/ubond0.conf
	adduser --quiet --system --home /var/opt/ubond --shell /usr/sbin/nologin ubond
	mkdir -p /var/opt/ubond
	usermod -d /var/opt/ubond ubond
	chown ubond /var/opt/ubond
	systemctl enable ubond@ubond0.service
	systemctl enable systemd-networkd.service
	echo "install ubond done"
fi

if systemctl -q is-active wg-quick@wg0.service; then
	systemctl -q stop wg-quick@wg0 > /dev/null 2>&1
	systemctl -q disable wg-quick@wg0 > /dev/null 2>&1
fi

if [ "$WIREGUARD" = "yes" ]; then
	echo "Install WireGuard"
	rm -f /var/lib/dpkg/lock
	rm -f /var/lib/dpkg/lock-frontend
	apt-get -y install wireguard-tools --no-install-recommends
	if [ ! -f /etc/wireguard/wg0.conf ]; then
		cd /etc/wireguard
		umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key
		cat > /etc/wireguard/wg0.conf <<-EOF
		[Interface]
		PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n")
		ListenPort = 65311
		Address = 10.255.247.1/24
		SaveConfig = true
		EOF
	fi
	systemctl enable wg-quick@wg0
	if [ ! -f /etc/wireguard/client-wg0.conf ]; then
		cd /etc/wireguard
		umask 077; wg genkey | tee vpn-client-private.key | wg pubkey > vpn-client-public.key
		cat > /etc/wireguard/client-wg0.conf <<-EOF
		[Interface]
		PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n")
		ListenPort = 65312
		Address = 10.255.246.1/24
		SaveConfig = true
		
		[Peer]
		PublicKey = $(cat /etc/wireguard/vpn-client-public.key | tr -d "\n")
		AllowedIPs = 10.255.246.2/32
		EOF
	fi
	if [ ! -f /root/wireguard-client.conf ]; then
		cat > /root/wireguard-client.conf <<-EOF
		[Interface]
		Address = 10.255.246.2/24
		PrivateKey = $(cat /etc/wireguard/vpn-client-private.key | tr -d "\n")
		
		[Peer]
		PublicKey = $(cat /etc/wireguard/vpn-server-public.key | tr -d "\n")
		Endpoint = ${VPS_PUBLIC_IP}:65312
		AllowedIPs = 0.0.0.0/0, ::/0, 192.168.100.0/24
		EOF
	fi
	systemctl enable wg-quick@client-wg0
	echo "Install wireguard done"
fi

if systemctl -q is-active openvpn-server@tun0.service; then
	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
fi
if [ "$OPENVPN" = "yes" ]; then
	echo "Install OpenVPN"
	rm -f /var/lib/dpkg/lock
	rm -f /var/lib/dpkg/lock-frontend
	apt-get -y install openvpn easy-rsa
	#wget -O /lib/systemd/network/openvpn.network ${VPSURL}${VPSPATH}/openvpn.network
	rm -f /lib/systemd/network/openvpn.network
	#if [ ! -f "/etc/openvpn/server/static.key" ]; then
	#	wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf
	#	cd /etc/openvpn/server
	#	openvpn --genkey --secret static.key
	#fi
	if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ ! -d /etc/openvpn/ca ]; then
		wget -O /tmp/EasyRSA-unix-v${EASYRSA_VERSION}.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v${EASYRSA_VERSION}.tgz
		cd /tmp
		tar xzvf EasyRSA-unix-v${EASYRSA_VERSION}.tgz
		cd /tmp/EasyRSA-v${EASYRSA_VERSION}
		mkdir -p /etc/openvpn/ca
		cp easyrsa /etc/openvpn/ca/
		cp openssl-easyrsa.cnf /etc/openvpn/ca/
		cp vars.example /etc/openvpn/ca/vars
		cp -r x509-types /etc/openvpn/ca/

		#mkdir -p /etc/openvpn/ca/pki/private /etc/openvpn/ca/pki/issued
		#./easyrsa init-pki
		#./easyrsa --batch build-ca nopass
		#EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass
		#EASYRSA_CERT_EXPIRE=3650 EASYRSA_REQ_CN=openmptcprouter ./easyrsa build-client-full "openmptcprouter" nopass
		#EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
		#mv pki/ca.crt /etc/openvpn/ca/pki/ca.crt
		#mv pki/private/ca.key /etc/openvpn/ca/pki/private/ca.key
		#mv pki/issued/server.crt /etc/openvpn/ca/pki/issued/server.crt
		#mv pki/private/server.key /etc/openvpn/ca/pki/private/server.key
		#mv pki/crl.pem /etc/openvpn/ca/pki/crl.pem
		#mv pki/issued/openmptcprouter.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt
		#mv pki/private/openmptcprouter.key /etc/openvpn/ca/pki/private/openmptcprouter.key
	fi

	if [ -f "/etc/openvpn/server/server.crt" ]; then
		if [ ! -d /etc/openvpn/ca ]; then
			make-cadir /etc/openvpn/ca
		fi
		mkdir -p /etc/openvpn/ca/pki/private /etc/openvpn/ca/pki/issued
		mv /etc/openvpn/server/ca.crt /etc/openvpn/ca/pki/ca.crt
		mv /etc/openvpn/server/ca.key /etc/openvpn/ca/pki/private/ca.key
		mv /etc/openvpn/server/server.crt /etc/openvpn/ca/pki/issued/server.crt
		mv /etc/openvpn/server/server.key /etc/openvpn/ca/pki/private/server.key
		mv /etc/openvpn/server/crl.pem /etc/openvpn/ca/pki/crl.pem
		mv /etc/openvpn/client/client.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt
		mv /etc/openvpn/client/client.key /etc/openvpn/ca/pki/private/openmptcprouter.key
	fi
	if [ ! -f "/etc/openvpn/ca/pki/issued/server.crt" ]; then
		if [ ! -d /etc/openvpn/ca ]; then
			make-cadir /etc/openvpn/ca
		fi
		cd /etc/openvpn/ca
		./easyrsa --batch init-pki 2>&1 >/dev/null
		./easyrsa --batch build-ca nopass
		EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full server nopass
		EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "openmptcprouter" nopass
		EASYRSA_CRL_DAYS=3650 ./easyrsa --batch gen-crl
	fi
	if [ ! -f "/etc/openvpn/ca/pki/issued/openmptcprouter.crt" ]; then
		mv /etc/openvpn/ca/pki/issued/client.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt
		mv /etc/openvpn/ca/pki/private/client.key /etc/openvpn/ca/pki/private/openmptcprouter.key
	fi
	if [ ! -f "/etc/openvpn/server/dh2048.pem" ]; then
		openssl dhparam -out /etc/openvpn/server/dh2048.pem 2048
	fi
	if [ "$LOCALFILES" = "no" ]; then
		if [ "$KERNEL" != "5.4" ]; then
			wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.6.1.conf
			wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.6.1.conf
		else
			wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf
			wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf
		fi
		wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf
		wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf
		wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf
		wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf
		wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf
		wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf
		wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf
		wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf
	else
		if [ "$KERNEL" != "5.4" ]; then
			cp ${DIR}/openvpn-tun0.6.1.conf /etc/openvpn/tun0.conf
			cp ${DIR}/openvpn-tun1.6.1.conf /etc/openvpn/tun1.conf
		else
			cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf
			cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf
		fi
		cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf
		cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf
		cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf
		cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf
		cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf
		cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf
		cp ${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf
		cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf
	fi
	mkdir -p /etc/openvpn/ccd
	if [ ! -f /etc/openvpn/ccd/ipp_tcp.txt ]; then
		echo 'openmptcprouter,10.255.250.2,' > /etc/openvpn/ccd/ipp_tcp.txt
	fi
	if [ ! -f /etc/openvpn/ccd/ipp_udp.txt ]; then
		echo 'openmptcprouter,10.255.252.2,' > /etc/openvpn/ccd/ipp_udp.txt
	fi
	chmod 644 /lib/systemd/system/openvpn*.service
	systemctl enable openvpn@tun0.service
	systemctl enable openvpn@tun1.service
	if [ "$KERNEL" != "5.4" ]; then
		mptcpize enable openvpn@tun0 2>&1 >/dev/null
	fi
	systemctl enable openvpn@bonding1.service
	systemctl enable openvpn@bonding2.service
	systemctl enable openvpn@bonding3.service
	systemctl enable openvpn@bonding4.service
	systemctl enable openvpn@bonding5.service
	systemctl enable openvpn@bonding6.service
	systemctl enable openvpn@bonding7.service
	systemctl enable openvpn@bonding8.service
fi

echo 'Glorytun UDP'
# Install Glorytun UDP
if systemctl -q is-active glorytun-udp@tun0.service; then
	systemctl -q stop 'glorytun-udp@*' > /dev/null 2>&1
fi
if [ "$GLORYTUN_UDP" = "yes" ]; then
	if [ "$SOURCES" = "yes" ]; then
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		rm -f /usr/bin/glorytun
		apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
		rm -rf /tmp/glorytun-udp
		cd /tmp
		git clone https://github.com/Ysurac/glorytun.git /tmp/glorytun-udp
		cd /tmp/glorytun-udp
		git checkout ${GLORYTUN_UDP_VERSION}
		git submodule update --init --recursive
		meson build
		ninja -C build install
		sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network
		rm /lib/systemd/system/glorytun*
		rm /lib/systemd/network/glorytun*
		if [ "$LOCALFILES" = "no" ]; then
			wget -O /usr/local/bin/glorytun-udp-run ${VPSURL}${VPSPATH}/glorytun-udp-run
		else
			cp ${DIR}/glorytun-udp-run /usr/local/bin/glorytun-udp-run
		fi
		chmod 755 /usr/local/bin/glorytun-udp-run
		if [ "$LOCALFILES" = "no" ]; then
			wget -O /lib/systemd/system/glorytun-udp@.service ${VPSURL}${VPSPATH}/glorytun-udp%40.service.in
		else
			cp ${DIR}/glorytun-udp@.service.in /lib/systemd/system/glorytun-udp@.service
		fi
		chmod 644 /lib/systemd/system/glorytun-udp@.service
		#wget -O /lib/systemd/network/glorytun-udp.network ${VPSURL}${VPSPATH}/glorytun-udp.network
		rm -f /lib/systemd/network/glorytun-udp.network
		mkdir -p /etc/glorytun-udp
		if [ "$LOCALFILES" = "no" ]; then
			wget -O /etc/glorytun-udp/post.sh ${VPSURL}${VPSPATH}/glorytun-udp-post.sh
			wget -O /etc/glorytun-udp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun-udp
		else
			cp ${DIR}/glorytun-udp-post.sh /etc/glorytun-udp/post.sh
			cp ${DIR}/tun0.glorytun-udp /etc/glorytun-udp/tun0
		fi
		chmod 755 /etc/glorytun-udp/post.sh
		if [ "$update" = "0" ] || [ ! -f /etc/glorytun-udp/tun0.key ]; then
			echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key
		elif [ ! -f /etc/glorytun-udp/tun0.key ] && [ -f /etc/glorytun-tcp/tun0.key ]; then
			cp /etc/glorytun-tcp/tun0.key /etc/glorytun-udp/tun0.key
		fi
		systemctl enable glorytun-udp@tun0.service
		systemctl enable systemd-networkd.service
		cd /tmp
		rm -rf /tmp/glorytun-udp
	else
		rm -f /usr/local/bin/glorytun
		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
		chmod 644 /lib/systemd/system/glorytun-udp@.service
		GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
	fi
	[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
fi


# Add chrony for time sync
apt-get install -y chrony
systemctl enable chrony

if [ "$DSVPN" = "yes" ]; then
	echo 'A Dead Simple VPN'
	# Install A Dead Simple VPN
	if systemctl -q is-active dsvpn-server.service; then
		systemctl -q disable dsvpn-server > /dev/null 2>&1
		systemctl -q stop dsvpn-server > /dev/null 2>&1
	fi
	if [ "$SOURCES" = "yes" ]; then
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		apt-get install -y --no-install-recommends build-essential git ca-certificates
		rm -rf /tmp/dsvpn
		cd /tmp
		git clone https://github.com/ysurac/dsvpn.git /tmp/dsvpn
		cd /tmp/dsvpn
		git checkout ${DSVPN_VERSION}
		make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL'
		make install
		rm -f /lib/systemd/system/dsvpn/*
		wget -O /usr/local/bin/dsvpn-run ${VPSURL}${VPSPATH}/dsvpn-run
		chmod 755 /usr/local/bin/dsvpn-run
		wget -O /lib/systemd/system/dsvpn-server@.service ${VPSURL}${VPSPATH}/dsvpn-server%40.service.in
		chmod 644 /lib/systemd/system/dsvpn-server@.service
		mkdir -p /etc/dsvpn
		wget -O /etc/dsvpn/dsvpn0 ${VPSURL}${VPSPATH}/dsvpn0-config
		if [ -f /etc/dsvpn/dsvpn.key ]; then
			mv /etc/dsvpn/dsvpn.key /etc/dsvpn/dsvpn0.key
		fi
		if [ "$update" = "0" ] || [ ! -f /etc/dsvpn/dsvpn0.key ]; then
			echo "$DSVPN_PASS" > /etc/dsvpn/dsvpn0.key
		fi
		systemctl enable dsvpn-server@dsvpn0.service
		cd /tmp
		rm -rf /tmp/dsvpn
	else
		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
		chmod 644 /lib/systemd/system/dsvpn-server@.service
		DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
	fi
	if [ "$KERNEL" != "5.4" ]; then
		mptcpize enable dsvpn-server@dsvpn0 2>&1 >/dev/null
	fi
fi

# Install Glorytun TCP
if systemctl -q is-active glorytun-tcp@tun0.service; then
	systemctl -q stop 'glorytun-tcp@*' > /dev/null 2>&1
fi
if [ "$GLORYTUN_TCP" = "yes" ]; then
	if [ "$SOURCES" = "yes" ]; then
		if [ "$ID" = "debian" ]; then
			if [ "$VERSION_ID" = "9" ]; then
				apt -t stretch-backports -y install libsodium-dev
			else
				apt -y install libsodium-dev
			fi
		elif [ "$ID" = "ubuntu" ]; then
			apt-get -y install libsodium-dev
		fi
		rm -f /var/lib/dpkg/lock
		rm -f /var/lib/dpkg/lock-frontend
		rm -f /usr/bin/glorytun-tcp
		apt-get -y install build-essential pkg-config autoconf automake
		rm -rf /tmp/glorytun-0.0.35
		cd /tmp
		if [ "$KERNEL" != "5.4" ]; then
			wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz
		else
			wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
		fi
		tar xzf glorytun-0.0.35.tar.gz
		if [ "$KERNEL" != "5.4" ]; then
			mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35
		fi
		cd glorytun-0.0.35
		./autogen.sh
		./configure
		make
		cp glorytun /usr/local/bin/glorytun-tcp
		wget -O /usr/local/bin/glorytun-tcp-run ${VPSURL}${VPSPATH}/glorytun-tcp-run
		chmod 755 /usr/local/bin/glorytun-tcp-run
		wget -O /lib/systemd/system/glorytun-tcp@.service ${VPSURL}${VPSPATH}/glorytun-tcp%40.service.in
		#wget -O /lib/systemd/network/glorytun-tcp.network ${VPSURL}${VPSPATH}/glorytun.network
		chmod 644 /lib/systemd/system/glorytun-tcp@.service
		rm -f /lib/systemd/network/glorytun-tcp.network
		mkdir -p /etc/glorytun-tcp
		wget -O /etc/glorytun-tcp/post.sh ${VPSURL}${VPSPATH}/glorytun-tcp-post.sh
		chmod 755 /etc/glorytun-tcp/post.sh
		wget -O /etc/glorytun-tcp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun
		if [ "$update" = "0" ]; then
			echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key
		fi
		systemctl enable glorytun-tcp@tun0.service
		#systemctl enable systemd-networkd.service
		cd /tmp
		rm -rf /tmp/glorytun-0.0.35
	else
		rm -f /usr/local/bin/glorytun-tcp
		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION}
	fi
	[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0
fi


# Load tun module at boot time
if ! grep -q tun /etc/modules ; then
	echo tun >> /etc/modules
fi

# Add multipath utility
if [ "$LOCALFILES" = "no" ]; then
	wget -O /usr/local/bin/multipath ${VPSURL}${VPSPATH}/multipath
else
	cp ${DIR}/multipath /usr/local/bin/multipath
fi
chmod 755 /usr/local/bin/multipath

# Add omr-test-speed utility
if [ "$LOCALFILES" = "no" ]; then
	wget -O /usr/local/bin/omr-test-speed ${VPSURL}${VPSPATH}/omr-test-speed
else
	cp ${DIR}/omr-test-speed /usr/local/bin/omr-test-speed
fi
chmod 755 /usr/local/bin/omr-test-speed

# Add OpenMPTCProuter service
if [ "$LOCALFILES" = "no" ]; then
	wget -O /usr/local/bin/omr-service ${VPSURL}${VPSPATH}/omr-service
	wget -O /lib/systemd/system/omr.service ${VPSURL}${VPSPATH}/omr.service.in
	wget -O /usr/local/bin/omr-6in4-run ${VPSURL}${VPSPATH}/omr-6in4-run
	wget -O /lib/systemd/system/omr6in4@.service ${VPSURL}${VPSPATH}/omr6in4%40.service.in
	wget -O /usr/local/bin/omr-bypass ${VPSURL}${VPSPATH}/omr-bypass
	wget -O /lib/systemd/system/omr-bypass.service ${VPSURL}${VPSPATH}/omr-bypass.service.in
	wget -O /lib/systemd/system/omr-bypass.timer ${VPSURL}${VPSPATH}/omr-bypass.timer.in
else
	cp ${DIR}/omr-service /usr/local/bin/omr-service
	cp ${DIR}/omr.service.in /lib/systemd/system/omr.service
	cp ${DIR}/omr-6in4-run /usr/local/bin/omr-6in4-run
	cp ${DIR}/omr6in4@.service.in /lib/systemd/system/omr6in4@.service
	cp ${DIR}/omr-bypass /usr/local/bin/omr-bypass
	cp ${DIR}/omr-bypass.service.in /lib/systemd/system/omr-bypass.service
	cp ${DIR}/omr-bypass.timer.in /lib/systemd/system/omr-bypass.timer

fi
chmod 644 /lib/systemd/system/omr.service
chmod 644 /lib/systemd/system/omr6in4@.service
chmod 755 /usr/local/bin/omr-service
chmod 755 /usr/local/bin/omr-bypass
chmod 755 /usr/local/bin/omr-6in4-run
chmod 644 /lib/systemd/system/omr-bypass.service
chmod 644 /lib/systemd/system/omr-bypass.timer
systemctl daemon-reload
if systemctl -q is-active omr-6in4.service; then
	systemctl -q stop omr-6in4 > /dev/null 2>&1
	systemctl -q disable omr-6in4 > /dev/null 2>&1
fi
systemctl enable omr6in4@user0.service
systemctl enable omr.service
systemctl enable omr-bypass.timer
systemctl enable omr-bypass.service

# Change SSH port to 65222
sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config
sed -i 's:Port 22:Port 65222:g' /etc/ssh/sshd_config

# Remove Bind9 if available
#systemctl -q disable bind9

# Remove fail2ban if available
#systemctl -q disable fail2ban

if [ "$update" = "0" ]; then
	# Install and configure the firewall using shorewall
	apt-get -y install shorewall shorewall6
	if [ "$LOCALFILES" = "no" ]; then
		wget -O /etc/shorewall/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz
	else
		cp ${DIR}/openmptcprouter-shorewall.tar.gz /etc/shorewall/openmptcprouter-shorewall.tar.gz
	fi
	tar xzf /etc/shorewall/openmptcprouter-shorewall.tar.gz -C /etc/shorewall
	rm /etc/shorewall/openmptcprouter-shorewall.tar.gz
	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
	systemctl enable shorewall
	if [ "$LOCALFILES" = "no" ]; then
		wget -O /etc/shorewall6/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz
	else
		cp ${DIR}/openmptcprouter-shorewall6.tar.gz /etc/shorewall6/openmptcprouter-shorewall6.tar.gz
	fi
	tar xzf /etc/shorewall6/openmptcprouter-shorewall6.tar.gz -C /etc/shorewall6
	rm /etc/shorewall6/openmptcprouter-shorewall6.tar.gz
	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
	systemctl enable shorewall6
else
	# Update only needed firewall files
	if [ "$LOCALFILES" = "no" ]; then
		mkdir -p ${DIR}
		wget -O ${DIR}/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz
		wget -O ${DIR}/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz
		mkdir -p ${DIR}/shorewall4
		tar xzvf ${DIR}/openmptcprouter-shorewall.tar.gz -C ${DIR}/shorewall4
		mkdir -p ${DIR}/shorewall6
		tar xzvf ${DIR}/openmptcprouter-shorewall6.tar.gz -C ${DIR}/shorewall6
	fi
	cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces
	cp ${DIR}/shorewall4/snat /etc/shorewall/snat
	cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules
	cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces
	cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
	cp ${DIR}/shorewall4/policy /etc/shorewall/policy
	cp ${DIR}/shorewall4/params /etc/shorewall/params
	cp ${DIR}/shorewall4/zones /etc/shorewall/zones
	#cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
	#cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
	cp ${DIR}/shorewall6/params /etc/shorewall6/params
	#cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
	#cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
	cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
	cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
	cp ${DIR}/shorewall6/snat /etc/shorewall6/snat
	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
	sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules
	sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
	if [ "$LOCALFILES" = "no" ]; then
		rm -rf ${DIR}/shorewall4
		rm -rf ${DIR}/shorewall6
		rm -f ${DIR}/openmptcprouter-shorewall.tar.gz
		rm -f ${DIR}/openmptcprouter-shorewall6.tar.gz
	fi
fi
[ -z "$(grep nf_conntrack_sip /etc/modprobe.d/blacklist.conf)" ] && echo 'blacklist nf_conntrack_sip' >> /etc/modprobe.d/blacklist.conf
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then
	apt-get -y install iptables
	update-alternatives --set iptables /usr/sbin/iptables-legacy
	update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
fi
if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "19.04" ]) || ([ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "20.04" ]); then
	sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall/shorewall.conf
	sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall/shorewall.conf
	sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf
	sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf
fi
if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ] && [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "dhcp" ]; then
	sed -i "s/MASQUERADE/SNAT($(ip r | awk '/default/&&/src/ {print $7}'))/" /etc/shorewall/snat
fi

# Limit /var/log/journal size
sed -i 's/#SystemMaxUse=/SystemMaxUse=100M/' /etc/systemd/journald.conf

if [ "$TLS" = "yes" ]; then
	VPS_CERT=0
	apt-get -y install socat cron
	if [ "$VPS_DOMAIN" != "" ] && [ "$(getent hosts $VPS_DOMAIN | awk '{ print $1; exit }')" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then
		if [ ! -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then
			echo "Generate certificate for V2Ray"
			set +e
			#[ "$(shorewall  status | grep stopped)" = "" ] && shorewall open all all tcp 443
			curl https://get.acme.sh | sh
			systemctl -q restart shorewall
			~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null
			set -e
			if [ -f /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer ]; then
				rm -f /etc/openmptcprouter-vps-admin/cert.pem
				ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer /etc/openmptcprouter-vps-admin/cert.pem
				rm -f /etc/openmptcprouter-vps-admin/key.pem
				ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.key /etc/openmptcprouter-vps-admin/key.pem
			fi
#			mkdir -p /etc/ssl/v2ray
#			ln -f -s /root/.acme.sh/$reverse/$reverse.key /etc/ssl/v2ray/omr.key
#			ln -f -s /root/.acme.sh/$reverse/fullchain.cer /etc/ssl/v2ray/omr.cer
			#[ "$(shorewall  status | grep stopped)" = "" ] && shorewall close all all tcp 443
		fi
		VPS_CERT=1
	else
		echo "No working domain detected..."
	fi
fi

if [ "$SPEEDTEST" = "yes" ]; then
	mkdir -p /usr/share/omr-server/speedtest
	if [ ! -f /usr/share/omr-server/speedtest/test.img ] && [ "$(df /usr/share/omr-server/speedtest | awk '/[0-9]%/{print $(NF-2)}')" -gt 2000000 ]; then
		echo "Generate speedtest image..."
		dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576
		echo "Done"
	fi
fi

# Add OpenMPTCProuter VPS script version to /etc/motd
if [ -f /etc/motd.head ]; then
	if grep --quiet 'OpenMPTCProuter VPS' /etc/motd.head; then
		sed -i "s:< OpenMPTCProuter VPS [0-9]*\.[0-9]*\(\|-test[0-9]*\) >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd.head
		sed -i "s:< OpenMPTCProuter VPS \$OMR_VERSION >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd.head
	else
		echo "< OpenMPTCProuter VPS $OMR_VERSION >" >> /etc/motd.head
	fi
elif [ -f /etc/motd ]; then
	if grep --quiet 'OpenMPTCProuter VPS' /etc/motd; then
		sed -i "s:< OpenMPTCProuter VPS [0-9]*\.[0-9]*\(\|-test[0-9]*\) >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd
		sed -i "s:< OpenMPTCProuter VPS \$OMR_VERSION >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd
	else
		echo "< OpenMPTCProuter VPS $OMR_VERSION >" >> /etc/motd
	fi
else
	echo "< OpenMPTCProuter VPS $OMR_VERSION >" > /etc/motd
fi

if [ "$SOURCES" != "yes" ]; then
	apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true
	rm -f /etc/openmtpcprouter-vps-admin/update-bin
fi

if [ "$update" = "0" ]; then
	# Display important info
	echo '===================================================================================='
	echo "OpenMPTCProuter Server $OMR_VERSION is now installed !"
	echo '\033[1m SSH port: 65222 (instead of port 22)\033[0m'
	if [ "$OMR_ADMIN" = "yes" ]; then
		echo '===================================================================================='
		echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
		echo 'OpenMPTCProuter Server key (you need OpenMPTCProuter >= 0.42):'
		echo $OMR_ADMIN_PASS
		echo 'OpenMPTCProuter Server username (you need OpenMPTCProuter >= 0.42):'
		echo 'openmptcprouter'
		echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
		echo '===================================================================================='
	fi
	echo 'Shadowsocks port: 65101'
	echo 'Shadowsocks encryption: chacha20'
	echo 'Your shadowsocks key: '
	echo $SHADOWSOCKS_PASS
	echo 'Your shadowsocks 2022 key: '
	echo "${PSK}:${UPSK}"
	echo 'Glorytun port: 65001'
	echo 'Glorytun encryption: chacha20'
	echo 'Your glorytun key: '
	echo $GLORYTUN_PASS
	if [ "$DSVPN" = "yes" ]; then
		echo 'A Dead Simple VPN port: 65401'
		echo 'A Dead Simple VPN key: '
		echo $DSVPN_PASS
	fi
	if [ "$MLVPN" = "yes" ]; then
		echo 'MLVPN first port: 65201'
		echo 'Your MLVPN password: '
		echo $MLVPN_PASS
	fi
	if [ "$UBOND" = "yes" ]; then
		echo 'UBOND first port: 65251'
		echo 'Your UBOND password: '
		echo $UBOND_PASS
	fi
	if [ "$OMR_ADMIN" = "yes" ]; then
		echo "OpenMPTCProuter API Admin key (only for configuration via API, you don't need it): "
		echo $OMR_ADMIN_PASS_ADMIN
		echo 'OpenMPTCProuter Server key: '
		echo "\033[1m${OMR_ADMIN_PASS}\033[0m"
		echo 'OpenMPTCProuter Server username: '
		echo 'openmptcprouter'
	fi
	if [ "$VPS_CERT" = "0" ]; then
		echo 'No working domain detected, not able to generate certificate for v2ray.'
		echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.'
	fi
	echo '===================================================================================='
	echo 'Keys are also saved in /root/openmptcprouter_config.txt, you are free to remove them'
	echo '===================================================================================='
	echo '\033[1m  /!\ You need to reboot to enable MPTCP, shadowsocks, glorytun and shorewall /!\ \033[0m'
	echo '------------------------------------------------------------------------------------'
	echo ' For kernel 5.4, after reboot, check with uname -a that the kernel name contain mptcp.'
	echo ' Else, you may have to modify GRUB_DEFAULT in /etc/default/grub'
	echo ' For 6.x kernels, check that a 6.x kernel is used, no kernel name changes.'
	echo '===================================================================================='

	# Save info in file
	cat > /root/openmptcprouter_config.txt <<-EOF
	SSH port: 65222 (instead of port 22)
	EOF
	if [ "$SHADOWSOCKS" = "yes" ]; then
		cat >> /root/openmptcprouter_config.txt <<-EOF
		Shadowsocks port: 65101
		Shadowsocks encryption: chacha20
		Your shadowsocks key: ${SHADOWSOCKS_PASS}
		EOF
	fi
	if [ "$SHADOWSOCKS_GO" = "yes" ]; then
		cat >> /root/openmptcprouter_config.txt <<-EOF
		Your shadowsocks 2022 key: ${PSK}:${UPSK}
		EOF
	fi
	if ([ "$GLORYTUN_TCP" = "yes" ] || [ "$GLORYTUN_UDP" = "yes" ]); then
		cat >> /root/openmptcprouter_config.txt <<-EOF
		Glorytun port: 65001
		Glorytun encryption: chacha20
		Your glorytun key: ${GLORYTUN_PASS}
		EOF
	fi
	if [ "$DSVPN" = "yes" ]; then
		cat >> /root/openmptcprouter_config.txt <<-EOF
		A Dead Simple VPN port: 65401
		A Dead Simple VPN key: ${DSVPN_PASS}
		EOF
	fi
	if [ "$MLVPN" = "yes" ]; then
		cat >> /root/openmptcprouter_config.txt <<-EOF
		MLVPN first port: 65201
		Your MLVPN password: $MLVPN_PASS
		EOF
	fi
	if [ "$UBOND" = "yes" ]; then
		cat >> /root/openmptcprouter_config.txt <<-EOF
		UBOND first port: 65251
		Your UBOND password: $UBOND_PASS
		EOF
	fi
	if [ "$OMR_ADMIN" = "yes" ]; then
		cat >> /root/openmptcprouter_config.txt <<-EOF
		Your OpenMPTCProuter ADMIN API Server key (only for configuration via API access, you don't need it): $OMR_ADMIN_PASS_ADMIN
		Your OpenMPTCProuter Server key: $OMR_ADMIN_PASS
		Your OpenMPTCProuter Server username: openmptcprouter
		EOF
	fi
	#systemctl -q restart sshd
else
	echo '===================================================================================='
	echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !"
	echo 'Keys are not changed, shorewall rules files preserved'
	echo 'You need OpenMPTCProuter >= 0.30'
	echo '===================================================================================='
	echo 'Restarting systemd daemon...'
	systemctl -q daemon-reload
	echo 'done'
	echo 'Restarting systemd network...'
	systemctl -q restart systemd-networkd
	echo 'done'
	if [ "$MLVPN" = "yes" ]; then
		echo 'Restarting mlvpn...'
		systemctl -q restart mlvpn@mlvpn0
		echo 'done'
	fi
	if [ "$UBOND" = "yes" ]; then
		echo 'Restarting ubond...'
		systemctl -q restart ubond@ubond0
		echo 'done'
	fi
	if [ "$V2RAY" = "yes" ]; then
		echo 'Restarting v2ray...'
		systemctl -q restart v2ray
		echo 'done'
	fi
	if [ "$XRAY" = "yes" ]; then
		echo 'Restarting xray...'
		systemctl -q restart xray
		echo 'done'
	fi
	if [ "$DSVPN" = "yes" ]; then
		echo 'Restarting dsvpn...'
		systemctl -q start dsvpn-server@dsvpn0 || true
		systemctl -q restart 'dsvpn-server@*' || true
		echo 'done'
	fi
	if [ "$GLORYTUN_TCP" = "yes" ]; then
		echo 'Restarting glorytun tcp...'
		systemctl -q start glorytun-tcp@tun0 || true
		systemctl -q restart 'glorytun-tcp@*' || true
	fi
	if [ "$GLORYTUN_UDP" = "yes" ]; then
		systemctl -q start glorytun-udp@tun0 || true
		systemctl -q restart 'glorytun-udp@*' || true
		echo 'done'
	fi
	echo 'Restarting omr6in4...'
	systemctl -q start omr6in4@user0 || true
	systemctl -q restart omr6in4@* || true
	echo 'done'
	if [ "$OPENVPN" = "yes" ]; then
		echo 'Restarting OpenVPN'
		systemctl -q restart openvpn@tun0
		systemctl -q restart openvpn@tun1
		echo 'done'
	fi
	if [ "$WIREGUARD" = "yes" ]; then
		echo 'Restarting WireGuard'
		systemctl -q restart wg-quick@wg0
		echo 'done'
	fi
	if [ "$OMR_ADMIN" = "yes" ]; then
		echo 'Restarting OpenMPTCProuter VPS admin'
		systemctl -q restart omr-admin
		echo 'done'
		if ! grep -q 'Server key' /root/openmptcprouter_config.txt ; then
			cat >> /root/openmptcprouter_config.txt <<-EOF
			Your OpenMPTCProuter Server key: $OMR_ADMIN_PASS
			Your OpenMPTCProuter Server username: openmptcprouter
			EOF
			echo '===================================================================================='
			echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
			echo 'OpenMPTCProuter Server key:'
			echo $OMR_ADMIN_PASS
			echo 'OpenMPTCProuter Server username:'
			echo 'openmptcprouter'
			echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
			echo '===================================================================================='
		else
			echo '!!! Keys are in /root/openmptcprouter_config.txt !!!'
		fi
	fi
	if [ "$VPS_CERT" = "0" ]; then
		echo 'No working domain detected, not able to generate certificate for v2ray.'
		echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.'
	fi
	echo 'Apply latest sysctl...'
	sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 || true
	echo 'done'
	echo 'Restarting omr...'
	systemctl -q restart omr
	echo 'done'
	if [ "$SHADOWSOCKS" = "yes" ]; then
		echo 'Restarting shadowsocks...'
		systemctl -q restart shadowsocks-libev-manager@manager
	fi
	if [ "$SHADOWSOCKS_GO" = "yes" ]; then
		echo 'Restarting shadowsocks-go...'
		systemctl -q restart shadowsocks-go
	fi
#	if [ $NBCPU -gt 1 ]; then
#		for i in $NBCPU; do
#			systemctl restart shadowsocks-libev-server@config$i
#		done
#	fi
	echo 'done'
	echo 'Restarting shorewall...'
	systemctl -q restart shorewall
	systemctl -q restart shorewall6
	echo 'done'
	echo '===================================================================================='
	echo '\033[1m  /!\ You need to reboot to use latest MPTCP kernel /!\ \033[0m'
	echo '===================================================================================='
fi
